History of RSA

The key breakthrough in the RSA encryption was that it allowed for encryption in a multi-user environment. In other words, there didn't need to be any active participation between the person encrypting the data and the person (or people) decrypting it at the other end.

According to Simson Garfinkel's "PGP: Pretty Good Privacy" (O'Reilly & Associates), the algorithm came out of work by Ronald Rivest, Adi Shamri, and Len Adelman (their last names are RSA) at MIT's Laboratory for Computer Science in 1976-77.

The group had been inspired by earlier work at Stanford University by Whitfield Diffie and Martin Hellman, who were pursuing multi-user cryptographic techniques. Diffie and Hellman had demonstrated a methodology that would let two people with public keys exchange a third, secret key that would allow encrypted communication.

Garfinkel writes that Rivest was struck by the idea while nursing a headache on a couch. Rivest devised the system based on the notion that it is easy to multiply two large prime numbers to create an even larger number, but hard to start with the big number and find the prime factors. Encrypted communication relies on each party having a public key and a secret key. By obtaining someone's public key, it's possible to independently agree upon a formula that lets you exchange encrypted information.

Before they could present the system, however, Rivest was contacted by an employee of the National Security Administration, who warned him that if he presented the cryptography scheme at an upcoming conference, he risked violating the 1954 Munitions Control Act. The act prohibited exporting knowledge about cryptography, and since foreign nationals would be at the conference where he was scheduled to present, he could well be exporting prohibited encryption technology. MIT was able to resolve that issue with the NSA, which later said that the employee who contacted Rivest was acting on his own.

MIT decided to patent the algorithm, but because it had been published before the patent was applied for, it couldn't get foreign rights to it. Thus the ongoing issue between licensing for US products, and not having to license it for foreign products. MIT received the patent on September 20, 1983, and granted an exclusive license to the company, RSA Security.

Now, with the patent expired and the algorithm in the public domain, we can expect to see more open source and public domain programs like PuTTY, Simon Tatham's telnet and SSH client for Windows users. Or, at the very least, expect to see them operating legally in the United States, for the first time.